What you will achieve
Export a directory over NFSv4 from Ubuntu/Debian for LAN clients — common for homelab media, shared web assets, or VM storage.
1) Server packages
sudo apt install nfs-kernel-server
sudo mkdir -p /srv/nfs/share
sudo chown nobody:nogroup /srv/nfs/share
sudo chmod 755 /srv/nfs/share
2) /etc/exports
/srv/nfs/share 192.168.1.0/24(rw,sync,no_subtree_check)
sudo exportfs -ra
sudo systemctl restart nfs-kernel-server
3) Client mount
sudo apt install nfs-common
sudo mount -t nfs4 192.168.1.10:/srv/nfs/share /mnt/nfs
4) firewalld (Fedora server)
sudo firewall-cmd --permanent --add-service=nfs
sudo firewall-cmd --reload
Verify
showmount -e 192.168.1.10
df -h /mnt/nfs
5) Root squashing
/srv/nfs/share *(rw,sync,all_squash,anonuid=65534,anongid=65534)
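all_squash maps every remote user, root included, to the anonymous uid/gid set by anonuid/anongid (65534, nobody); this is a security best practice for untrusted clients. The * host field matches any client, so restrict it to the client subnet as in step 2 or limit access at the firewall.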
6) NFSv4 pseudo filesystem
# /etc/fstab: bind-mount the real directory under the pseudo root
/srv/nfs /export none bind 0 0
# then export /export/share in /etc/exports
7) Client fstab
server:/srv/nfs/share /mnt/nfs nfs4 defaults,_netdev 0 0
Performance
sync is safer, async is faster; async, even on modern NFS, still risks data loss on a crash. Use async for read-heavy static assets, not databases.
8) NFS and Docker volumes
NFS-backed Docker volumes need compatible mount options (nfsvers=4.1) and no root_squash conflicts. Local bind mounts are often simpler for containers.
Prerequisites
nfs-kernel-server installed. Export path permissions set. Client IP range known. Firewall allows NFS ports. UID/GID alignment between client and server for sane permissions.
idmap for all_squash
Configure /etc/idmapd.conf so squashed users map to correct numeric ids — otherwise files show nobody:nogroup with wrong ownership on clients.
showmount verification
showmount -e localhost
exportfs -v
Confirms exports are active before debugging the client; always check the server side first.
NFSv4 Kerberos (enterprise)
sec=krb5p adds encryption; it requires a keytab on the server and idmapd configured for AD integration. A homelab sticks to sys auth and IP allowlists; enterprise moves to Kerberos for PCI segments.
sync vs async revisited
A database on NFS is still a bad idea, async or sync; use iSCSI or local disk. NFS is fine for static assets and shared, read-mostly config workloads with local caching.
firewalld rich rules
Restrict NFS to the server subnet with a rich rule that sets a source address. The default of allowing the whole LAN is too permissive when guest Wi‑Fi shares an L2 segment with the servers.
nfsstat for debugging
nfsstat -c
nfsstat -s
Client and server RPC stats show retransmits; a high retrans count means network or server overload, not an application bug.
hard vs soft mount
A soft mount returns an error to the application on timeout; a hard mount hangs, retrying forever. Databases need local disk; soft is OK for static, read-mostly assets where retry logic in the app is acceptable.
fsid for exports
The NFSv4 pseudo root needs fsid=0 on the export root; a missing fsid breaks the v4 mount with stale file handle errors.
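The export settings this guide warns about (any-host exports, no_root_squash, async, a pseudo root without fsid=0) can be checked before running exportfs -ra. The script below is an added example, not part of the original guide: the sample exports file is constructed, and treating an export that is the parent of another export as the pseudo root is an assumption.

```python
import re

# Constructed sample /etc/exports, modelled on the export lines in this guide.
SAMPLE_EXPORTS = """\
/export           192.168.1.0/24(ro,sync,no_subtree_check)
/export/share     192.168.1.0/24(rw,sync,no_subtree_check)
/srv/nfs/share    *(rw,sync,all_squash,anonuid=65534,anongid=65534)
/srv/nfs/scratch  192.168.1.0/24(rw,async,no_root_squash)  # constructed
"""

# One client token: optional host followed by optional (comma,separated,options).
CLIENT_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")

def parse_exports(text):
    """Yield (path, host, options) per client entry. Quoted paths and
    backslash line continuations are not handled."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            m = CLIENT_RE.fullmatch(client)
            if m:
                yield path, m.group(1), set(filter(None, (m.group(2) or "").split(",")))

def audit(text):
    """Return sorted (path, host, finding) tuples for settings this guide warns about."""
    entries = list(parse_exports(text))
    paths = {p for p, _, _ in entries}
    findings = set()
    for path, host, opts in entries:
        if host in ("", "*"):
            findings.add((path, host, "any host may mount; use a subnet allowlist"))
        if "no_root_squash" in opts:
            findings.add((path, host, "no_root_squash: remote root keeps uid 0"))
        if "async" in opts:
            findings.add((path, host, "async: acknowledged writes can be lost on crash"))
        # Assumption: an export that is the parent of another export is the v4 pseudo root.
        prefix = path.rstrip("/") + "/"
        if any(p.startswith(prefix) for p in paths if p != path) \
                and not opts & {"fsid=0", "fsid=root"}:
            findings.add((path, host, "pseudo root without fsid=0"))
    return sorted(findings)

if __name__ == "__main__":
    for path, host, finding in audit(SAMPLE_EXPORTS):
        print(f"{path}  {host or '(no host)'}  {finding}")
```

An empty host in the output means an option list stood alone on the line, for example after a stray space between the host and its parentheses, which applies those options to every client.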